﻿<%@ page contentType="text/html; charset=UTF-8" language="java" %>
<%@ page import="my.myorm.tool.jdbc.SQLExecutor" %>
<%@ page import="my.myorm.tool.jdbc.SQLManager" %>
<%@ page import="com.util.SuperString" %>
<%@ page import="com.mtbu.bean.SysUser" %>
<%@ page import="com.mtbu.comm.Util" %>
<%@ page import="com.mtbu.service.LogUtil" %>
<%@page import="my.myorm.tool.jdbc.ResultList"%>
<%@page import="com.mtbu.bean.SysFunc"%>
<%@page import="java.util.Map"%>
<%@page import="java.util.HashMap"%>
<%@page import="com.mtbu.service.DataUtil"%>
<%
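	// IP restriction.
	// NOTE(review): the allow-list check below is commented out, so this login handler is
	// reachable from any address and `ip` is currently unused. If DAC_LOGIN_ACCESSIP is
	// still meant to gate access, re-enable the check; first confirm whether
	// Util.getIpAddr trusts client-supplied forwarding headers.
	String ip = Util.getIpAddr(request);
	//if(!SuperString.isAllowedIP(ip, Util.getProperties("DAC_LOGIN_ACCESSIP"))) {
	//    System.out.println("Access Denied: " + ip);
	//    out.print("抱歉，您没有权限访问！");
	//    return;
	//}

    if ("post".equalsIgnoreCase(request.getMethod())) {
        // Login: read the submitted credentials and the optional post-login target.
        String username = SuperString.notNull(request.getParameter("username"));
        String password = SuperString.notNull(request.getParameter("password"));
        String url = SuperString.notNull(request.getParameter("url"));
        if (username.length() == 0 || password.length() == 0) {
            Util.callInfo("请输入帐号和口令！", request, response);
            return;
        }

        SQLExecutor dbconn = SQLManager.getSQLExecutor();
        // Bound parameters keep the submitted values out of the SQL text.
        // NOTE(review): the stored credential is matched against Util.encodeDes(password);
        // judging by the name this is reversible encryption, not a salted password hash
        // (bcrypt/scrypt/argon2). Changing that needs a data migration outside this page.
        String sql = "select * from sys_user where username=? and password=? ";
        dbconn.addParam(username);
        dbconn.addParam(Util.encodeDes(password));

        SysUser user = dbconn.queryForBean(sql, SysUser.class);
        if (user == null) {
            // One message for both "unknown account" and "wrong password".
            // NOTE(review): failed attempts are neither logged nor throttled here.
            Util.callInfo("帐号或口令错误！", request, response);
            return;
        }

        // Build the user's function map: for every module listed in the permission
        // string, collect the FuncIDs mapped to this user as ",id1,id2,...,".
        // A missing permission string is treated as "no modules" instead of failing
        // with a NullPointerException after a successful authentication.
        String permission = user.getPermission();
        String[] arr_perstr = permission == null ? new String[0] : permission.split(",");
        for (int i = 0; i < arr_perstr.length; i++) {
            String moduleId = arr_perstr[i];
            sql = "select f.FuncID from sys_func_map m,sys_func f where m.fid=f.id and m.type=0 and m.urname=? and f.ModuleID=?";
            dbconn.addParam(username);
            dbconn.addParam(moduleId);
            ResultList maplist = dbconn.query(sql,false,null);
            StringBuilder funcIds = new StringBuilder(maplist.size() > 0 ? "," : "");
            for (int j = 0; j < maplist.size(); j++) {
                funcIds.append(maplist.get(j).get(SysFunc.class).getFuncID()).append(",");
            }
            user.getFuncmap().put(moduleId, funcIds.toString());
        }

        // Audit record for the successful login.
        LogUtil.writeLog(user.getUserName(),"登录系统","",request,null);

        // Session fixation defence: drop the pre-login session and bind the
        // authenticated user to a freshly issued session id.
        session.invalidate();
        HttpSession authSession = request.getSession(true);
        authSession.setAttribute("sys.user", user);
        authSession.setAttribute("admin_name", user.getUserName());

        // Default landing page; the requested target is passed along URL-encoded.
        String gourl = "sys_admin.jsp" + (!"".equals(url) ? "?url=" + Util.encodeUrl(url) : "");

        // The decoded target may replace the default only when it is a same-site
        // reference. A bare substring match on "sys_admin.jsp" would also accept an
        // absolute or protocol-relative URL on another host (open redirect), so the
        // path part must carry no scheme separator, no leading "//", and the whole
        // value no backslash or control character (CR/LF would split the header).
        String target = Util.decodeUrl(url);
        if (target != null && target.indexOf("sys_admin.jsp") >= 0) {
            int pathEnd = target.length();
            int queryAt = target.indexOf('?');
            if (queryAt >= 0) {
                pathEnd = queryAt;
            }
            int fragmentAt = target.indexOf('#');
            if (fragmentAt >= 0 && fragmentAt < pathEnd) {
                pathEnd = fragmentAt;
            }
            String path = target.substring(0, pathEnd).trim();
            boolean sameSite = path.indexOf(':') < 0
                    && !path.startsWith("//")
                    && target.indexOf('\\') < 0;
            for (int k = 0; sameSite && k < target.length(); k++) {
                char c = target.charAt(k);
                if (c < 0x20 || c == 0x7f) {
                    sameSite = false;
                }
            }
            if (sameSite) {
                gourl = target;
            }
        }
        response.sendRedirect(gourl);
        return;
    }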


%>
